CAS-005 Dumps Questions Increase Your Chance of Success

Category:

Comments:

0 Comments

Post Date:

August 18, 2024

Passing the CAS-005 certification exam can be challenging, which is why practicing with CAS-005 questions can greatly increase your chances of success. CompTIA CAS-005 dumps questions help you become familiar with the exam format. The CAS-005 questions are designed to mimic the actual exam, which means that you'll get a feel for the types of questions you'll encounter, the difficulty level, and the time limit. All the CAS-005 exam dumps questions are the latest version for you to study. Test free CAS-005 exam questions below.

Page 1 of 5

1. Users are willing passwords on paper because of the number of passwords needed in an environment.

Which of the following solutions is the best way to manage this situation and decrease risks?

Increasing password complexity to require 31 least 16 characters

implementing an SSO solution and integrating with applications

Requiring users to use an open-source password manager

Implementing an MFA solution to avoid reliance only on passwords

2. A security engineer wants to stay up-to-date on new detections that are released on a regular basis. The engineer's organization uses multiple tools rather than one specific vendor security stack.

Which of the following rule-based languages is the most appropriate to use as a baseline for detection rules with the multiple security tool setup?

Sigma

YARA

Snort

Rita

3. A systems engineer is configuring SSO for a business that will be using SaaS applications for its remote-only workforce. Privileged actions in SaaS applications must be allowed only from corporate mobile devices that meet minimum security requirements, but BYOD must also be permitted for other activity.

Which of the following would best meet this objective?

Block any connections from outside the business's network security boundary.

Install machine certificates on corporate devices and perform checks against the clients.

Configure device attestations and continuous authorization controls.

Deploy application protection policies using a corporate, cloud-based MDM solution.

4. A company reduced its staff 60 days ago, and applications are now starting to fail. The security analyst is investigating to determine if there is malicious intent for the application failures.

The security analyst reviews the following logs:

Mar 5 22:09:50 akj3 sshd[21502]: Success login for userOl from 192.168.2.5

Mar 5 22:10:00 akj3 sshd[21502]: Failed login for userID from 192.168.2.5

Which of the following is the most likely reason for the application failures?

The user’s account was set as a service account.

The user's home directory was deleted.

The user does not have sudo access.

The root password has been changed.

5. A user reports application access issues to the help desk.

The help desk reviews the logs for the user

Which of the following is most likely The reason for the issue?

The user inadvertently tripped the impossible travel security rule in the SSO system.

A threat actor has compromised the user's account and attempted to lop, m

The user is not allowed to access the human resources system outside of business hours

The user did not attempt to connect from an approved subnet

6. A security analyst is reviewing the following event timeline from an COR solution:

Which of the following most likely has occurred and needs to be fixed?

The Dl P has failed to block malicious exfiltration and data tagging is not being utilized property

An EDR bypass was utilized by a threat actor and updates must be installed by the administrator.

A logic law has introduced a TOCTOU vulnerability and must be addressed by the COR vendor

A potential insider threat is being investigated and will be addressed by the senior management team.

7. A company detects suspicious activity associated with external connections Security detection tools are unable to categorize this activity.

Which of the following is the best solution to help the company overcome this challenge?

Implement an Interactive honeypot

Map network traffic to known loCs.

Monitor the dark web

implement UEBA

8. A security analyst received a report that an internal web page is down after a company-wide update to the web browser.

Given the following error message:

Which of the following is the b«« way to fix this issue?

A. Rewriting any legacy web functions

B. Disabling all deprecated ciphers

C. Blocking all non-essential pons

D. Discontinuing the use of self-signed certificates

9. Recent repents indicate that a software tool is being exploited Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation.

The analyst generates the following output:

Which of the following would the analyst most likely recommend?

Installing appropriate EDR tools to block pass-the-hash attempts

Adding additional time to software development to perform fuzz testing

Removing hard coded credentials from the source code

Not allowing users to change their local passwords

10. A company is having issues with its vulnerability management program New devices/lPs are added and dropped regularly, making the vulnerability report inconsistent.

Which of the following actions should the company lake to most likely improve the vulnerability management process?

Request a weekly report with all new assets deployed and decommissioned

Extend the DHCP lease lime to allow the devices to remain with the same address for a longer period.

Implement a shadow IT detection process to avoid rogue devices on the network

Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool

Page 2 of 5

11. A security officer received several complaints from users about excessive MPA push notifications at night The security team investigates and suspects malicious activities regarding user account authentication.

Which of the following is the best way for the security officer to restrict MI~A notifications''

A. Provisioning FID02 devices

B. Deploying a text message based on MFA

C. Enabling OTP via email

D. Configuring prompt-driven MFA

12. Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network.

A network engineer observes the following:

• Users should be redirected to the captive portal.

• The Motive portal runs Tl. S 1 2

• Newer browser versions encounter security errors that cannot be bypassed

• Certain websites cause unexpected re directs

Which of the following mow likely explains this behavior?

The TLS ciphers supported by the captive portal ate deprecated

Employment of the HSTS setting is proliferating rapidly.

Allowed traffic rules are causing the NIPS to drop legitimate traffic

An attacker is redirecting supplicants to an evil twin WLA

13. A company wants to invest in research capabilities with the goal to operationalize the research output.

Which of the following is the best option for a security architect to recommend?

A. Dark web monitoring

B. Threat intelligence platform

C. Honeypots

D. Continuous adversary emulation

14. Source code snippets for two separate malware samples are shown below:

Sample 1:

knockEmDown(String e) {

if(target.isAccessed()) {

target.toShell(e);

System.out.printIn(e.toString());

c2.sendTelemetry(target.hostname.toString + " is " + e.toString());

} else { target.close();

}

}

Sample 2:

targetSys(address a) {

if(address.islpv4()) {

address.connect(1337);

address.keepAlive("paranoid");

String status = knockEmDown(address.current);

remote.sendC2(address.current + " is " + status);

} else {

throw Exception e;

}

}

Which of the following describes the most important observation about the two samples?

Telemetry is first buffered and then transmitted in paranoid mode.

The samples were probably written by the same developer.

Both samples use IP connectivity for command and control.

Sample 1 is the target agent while Sample 2 is the C2 server.

15. A company receives several complaints from customers regarding its website.

An engineer implements a parser for the web server logs that generates the following output:

Which of the following should the company implement to best resolve the issue?

A. IDS

B. CDN

C. WAF

D. NAC

16. Which of the following is the security engineer most likely doing?

Assessing log in activities using geolocation to tune impossible Travel rate alerts

Reporting on remote log-in activities to track team metrics

Threat hunting for suspicious activity from an insider threat

Baselining user behavior to support advanced analytics

17. A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin.

Which of the following best describes the cyberthreat to the bank?

Ability to obtain components during wartime

Fragility and other availability attacks

Physical Implants and tampering

Non-conformance to accepted manufacturing standards

18. After a company discovered a zero-day vulnerability in its VPN solution, the company plans to deploy cloud-hosted resources to replace its current on-premises systems. An engineer must find an appropriate solution to facilitate trusted connectivity.

Which of the following capabilities is the most relevant?

Container orchestration

Microsegmentation

Conditional access

Secure access service edge (SASE)

19. A security administrator needs to automate alerting. The server generates structured log files that need to be parsed to determine whether an alarm has been triggered.

Given the following code function:

Which of the following is most likely the log input that the code will parse?

A)

Option A

Option B

Option C

Option D

20. A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response.

Which of the following should the team do to best accomplish this goal?

Integrate a file-monitoring tool with the SIE

Change the log solution and integrate it with the existing SIE

Implement a central logging server, allowing only log ingestion.

Rotate and back up logs every 24 hours, encrypting the backups.

Page 3 of 5

21. A security analyst wants to use lessons learned from a poor incident response to reduce dwell lime in the future The analyst is using the following data points

Which of the following would the analyst most likely recommend?

A. Adjusting the SIEM to alert on attempts to visit phishing sites

B. Allowing TRACE method traffic to enable better log correlation

C. Enabling alerting on all suspicious administrator behavior

D. utilizing allow lists on the WAF for all users using GFT methods

22. A user submits a help desk ticket stating then account does not authenticate sometimes. An analyst

reviews the following logs for the user:

Which of the following best explains the reason the user's access is being denied?

incorrectly typed password

Time-based access restrictions

Account compromise

Invalid user-to-device bindings

23. SIMULATION

During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.

INSTRUCTIONS

Review each of the events and select the appropriate analysis and remediation options for each IoC.

24. A company’s SIEM is designed to associate the company’s asset inventory with user events.

Given the following report:

Which of the following should a security engineer investigate first as part of a log audit?

An endpoint that is not submitting any logs

Potential activity indicating an attacker moving laterally in the network

A misconfigured syslog server creating false negatives

Unauthorized usage attempts of the administrator account

25. A security architect for a global organization with a distributed workforce recently received funding lo deploy a CASB solution.

Which of the following most likely explains the choice to use a proxy-based CASB?

The capability to block unapproved applications and services is possible

Privacy compliance obligations are bypassed when using a user-based deployment.

Protecting and regularly rotating API secret keys requires a significant time commitment

Corporate devices cannot receive certificates when not connected to on-premises devices

26. Developers have been creating and managing cryptographic material on their personal laptops fix use in production environment. A security engineer needs to initiate a more secure process.

Which of the following is the best strategy for the engineer to use?

Disabling the BIOS and moving to UEFI

Managing secrets on the vTPM hardware

Employing shielding lo prevent LMI

Managing key material on a HSM

27. After an incident response exercise, a security administrator reviews the following table:

Which of the following should the administrator do to beat support rapid incident response in the future?

A. Automate alerting to IT support for phone system outages.

B. Enable dashboards for service status monitoring

C. Send emails for failed log-In attempts on the public website

D. Configure automated Isolation of human resources systems

28. A security analyst discovered requests associated with IP addresses known for born legitimate 3nd bot-related traffic.

Which of the following should the analyst use to determine whether the requests are malicious?

User-agent string

Byte length of the request

Web application headers

HTML encoding field

29. A company that relies on an COL system must keep it operating until a new solution is available.

Which of the following is the most secure way to meet this goal?

Isolating the system and enforcing firewall rules to allow access to only required endpoints

Enforcing strong credentials and improving monitoring capabilities

Restricting system access to perform necessary maintenance by the IT team

Placing the system in a screened subnet and blocking access from internal resources

30. Emails that the marketing department is sending to customers are pomp to the customers' spam folders. The security team is investigating the issue and discovers that the certificates used by the email server were reissued, but DNS records had not been updated.

Which of the following should the security team update in order to fix this issue? (Select three.)

A. DMARC

B. SPF

C. DKIM

D. DNSSEC

E. SASC

F. SAN

G. SOA

H. MX

Page 4 of 5

31. A systems administrator works with engineers to process and address vulnerabilities as a result of continuous scanning activities. The primary challenge faced by the administrator is differentiating between valid and invalid findings.

Which of the following would the systems administrator most likely verify is properly configured?

Report retention time

Scanning credentials

Exploit definitions

Testing cadence

32. DRAG DROP

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host. After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

33. Previously intercepted communications must remain secure even if a current encryption key is compromised in the future.

Which of the following best supports this requirement?

Tokenization

Key stretching

Forward secrecy

Simultaneous authentication of equals

34. After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation.

Which of the following would the company most likely do to decrease this type of risk?

A. Improve firewall rules to avoid access to those platforms.

B. Implement a cloud-access security broker

C. Create SIEM rules to raise alerts for access to those platforms

D. Deploy an internet proxy that filters certain domains

35. A security engineer is developing a solution to meet the following requirements?

• All endpoints should be able to establish telemetry with a SIEM.

• All endpoints should be able to be integrated into the XDR platform.

• SOC services should be able to monitor the XDR platform

Which of the following should the security engineer implement to meet the requirements?

CDR and central logging

HIDS and vTPM

WAF and syslog

HIPS and host-based firewall

36. As part of a security audit in the software development life cycle, a product manager must demonstrate and provide evidence of a complete representation of the code and modules used within the production-deployed application prior to the build.

Which of the following best provides the required evidence?

Software composition analysis

Runtime application inspection

Static application security testing

Interactive application security testing

37. A security engineer is assisting a DevOps team that has the following requirements for container images:

Ensure container images are hashed and use version controls.

Ensure container images are up to date and scanned for vulnerabilities.

Which of the following should the security engineer do to meet these requirements?

Enable clusters on the container image and configure the mesh with ACLs.

Enable new security and quality checks within a CI/CD pipeline.

Enable audits on the container image and monitor for configuration changes.

Enable pulling of the container image from the vendor repository and deploy directly to operations.

38. A company plans to implement a research facility with Intellectual property data that should be protected.

The following is the security diagram proposed by the security architect

Which of the following security architect models is illustrated by the diagram?

Identity and access management model

Agent based security model

Perimeter protection security model

Zero Trust security model

39. An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted.

Which of the following attack vectors does this registry address?

A. Supply chain attack

B. Cipher substitution attack

C. Side-channel analysis

D. On-path attack

E. Pass-the-hash attack

40. A company must build and deploy security standards for all servers in its on-premises and cloud environments based on hardening guidelines.

Which of the following solutions most likely meets the requirements?

Develop a security baseline to integrate with the vulnerability scanning platform to alert about any server not aligned with the new security standards.

Create baseline images for each OS in use, following security standards, and integrate the images into the patching and deployment solution.

Build all new images from scratch, installing only needed applications and modules in accordance with the new security standards.

Run a script during server deployment to remove all the unnecessary applications as part of provisioning.

Page 5 of 5

41. A systems engineer is configuring a system baseline for servers that will provide email services.

As part of the architecture design, the engineer needs to improve performance of the systems by using an access vector cache, facilitating mandatory access control and protecting against:

• Unauthorized reading and modification of data and programs

• Bypassing application security mechanisms

• Privilege escalation

• interference with other processes

Which of the following is the most appropriate for the engineer to deploy?

SELinux

Privileged access management

Self-encrypting disks

NIPS

42. An organization that performs real-time financial processing is implementing a new backup solution.

Given the following business requirements:

The backup solution must reduce the risk of potential backup compromise.

The backup solution must be resilient to a ransomware attack.

The time to restore from backups is less important than backup data integrity.

Multiple copies of production data must be maintained.

Which of the following backup strategies best meets these requirements?

Creating a secondary, immutable database and adding live data on a continuous basis

Utilizing two connected storage arrays and ensuring the arrays constantly sync

Enabling remote journaling on the databases to ensure real-time transactions are mirrored

Setting up anti-tampering on the databases to ensure data cannot be changed unintentionally

43. A security review revealed that not all of the client proxy traffic is being captured.

Which of the following architectural changes best enables the capture of traffic for analysis?

Adding an additional proxy server to each segmented VLAN

Setting up a reverse proxy for client logging at the gateway

Configuring a span port on the perimeter firewall to ingest logs

Enabling client device logging and system event auditing

44. A security officer performs due diligence activities before implementing a third-party solution into the enterprise environment. The security officer needs evidence from the third party that a data subject access request handling process is in place.

Which of the following is the security officer most likely seeking to maintain compliance?

Information security standards

E-discovery requirements

Privacy regulations

Certification requirements

Reporting frameworks

45. A compliance officer is facilitating a business impact analysis (BIA) and wants business unit leaders to collect meaningful data. Several business unit leaders want more information about the types of data the officer needs.

Which of the following data types would be the most beneficial for the compliance officer? (Select two)

Inventory details

Applicable contract obligations

Costs associated with downtime

Network diagrams

Contingency plans

Critical processes

46. SIMULATION

An IPSec solution is being deployed. The configuration files for both the VPN concentrator and the AAA server are shown in the diagram.

Complete the configuration files to meet the following requirements:

• The EAP method must use mutual certificate-based authentication (With issued client certificates).

• The IKEv2 Cipher suite must be configured to the MOST secure

authenticated mode of operation,

• The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters,

INSTRUCTIONS

Click on the AAA server and VPN concentrator to complete the configuration. Fill in the appropriate fields and make selections from the drop-down menus.

VPN Concentrator:

AAA Server:

47. Which of the following key management practices ensures that an encryption key is maintained within the organization?

A. Encrypting using a key stored in an on-premises hardware security module

B. Encrypting using server-side encryption capabilities provided by the cloud provider

C. Encrypting using encryption and key storage systems provided by the cloud provider

D. Encrypting using a key escrow process for storage of the encryption key

48. A company's SICM Is continuously reporting false positives and false negatives The security operations team has Implemented configuration changes to troubleshoot possible reporting errors.

Which of the following sources of information best supports the required analysts process? (Select two).

A. Third-party reports and logs

B. Trends

C. Dashboards

D. Alert failures

E. Network traffic summaries

F. Manual review processes

49. A company receives reports about misconfigurations and vulnerabilities in a third-party hardware device that is part of its released products.

Which of the following solutions is the best way for the company to identify possible issues at an earlier stage?

A. Performing vulnerability tests on each device delivered by the providers

B. Performing regular red-team exercises on the vendor production line

C. Implementing a monitoring process for the integration between the application and the vendor appliance

D. Implementing a proper supply chain risk management program

TAGS:

CAS-005, CAS-005 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get CAS-005 Dumps Full Version

Q&As: 196
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

CAS-005 Dumps Questions Increase Your Chance of Success

Related

Posts

Improve Your Knowledge with CV0-004 Exam Dumps

Valid PT0-003 Exam Dumps are Your best Choice to Pass

Prepare N10-009 Exam with Using N10-009 Dump Questions

Online XK0-005 Exam Dumps Help You Build Confidence

About Us

EMAIL

Services

Opening Hours